DETAILED ACTION

1. Application submission for RCE filed on June 7, 2006 has been entered.

2. Claims 21-39 are pending. Claims 1-20 are cancelled by the applicant. 



Claim Rejections - 35 USC § 112 

3. Claims 21 and 31 are rejected under 35 U.S.C. 112, second paragraph, as being 
indefinite for failing to particularly point out and distinctly claim the subject matter which 
applicant regards as the invention. 

Claims 21 and 31 recite the limitations "the authentication handler" and "the
authentication gateway authority", which lack proper antecedent basis. The examiner is
interpreting these limitations as "an authentication handler" and "an authentication
gateway authority".
Appropriate correction is required. 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all
obviousness rejections set forth in this Office action:

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

4. Claims 21, 24-27, 29-31, 33-37 and 39 are rejected under 35 U.S.C. 103(a) as
being unpatentable over Ueshima (US Patent No. 6,731,731) in view of Yu et al (US 
Patent No. 6,067,621) in view of Tabuki (US Patent No. 5,841,970) and in view of Le et 
al (US Pub. No. 2003/0105962). 

As per claim 21, Ueshima teaches:

registering user's public, private, and the authentication client device identities with the 
authentication authority [Fig. 1, col. 12 lines 34-35, col. 10 lines 12-20]. 
Ueshima teaches the portable mobile communication terminal is used to generate one 
time password [col. 4 lines 1-6, col. 6 lines 8-9, col. 8 lines 27-32] and a plurality of 
authentication system units is presented on the network [col. 11 lines 39-42]. The 
authentication system unit provides the authentication based on the one-time password 
[col. 12 lines 42-44, col. 15 lines 17-21, 31-36, Fig. 1]. 

Ueshima doesn't expressly mention conducting synchronization between the
authentication authority and user's authentication client device.

However, Yu teaches generating the one-time password [Fig. 2, 4] and conducting 
synchronization between the authentication authority and user's authentication client 
device [col. 5 lines 14-17, Fig. 1, col. 8 lines 32-35]. 

Therefore, it would have been obvious to a person of ordinary skill in the art at the time 
the invention was made to combine Yu with Ueshima, since one would have been 
motivated to provide an improved user authentication system [Yu, col. 3 lines 15-16]. 

Ueshima and Yu teach the one-time password [Ueshima, col. 8 lines 23-24, Yu Fig. 2].
Ueshima teaches providing the Web services to the user based on the result of
authentication/verification process [col. 3 lines 51-53]. The authentication unit verifies
the one-time password [Fig. 1, col. 12 lines 42-44, col. 8 lines 23-24].
Tabuki teaches: 

submitting the authentication data to a business application server; composing user 
identity verification request message by an authentication handler which is a plug in 
software installed on the business application server; forwarding the identity verification 
request message to the authentication authority, verifying the user's identity by the 
authentication authority by checking the identity verification request message; 
composing identity verification response message and sending the authentication 
handler the response message by the authentication authority; receiving the identity 
verification response message by the authentication handler; informing the business 
application server about the verification status by the authentication handler, granting 
permission for the user to access protected resources by the business application 
server upon a positive user identity verification [Fig. 1, 2, col. 4 lines 10-37, col. 5 lines 
13-17, col. 2 lines 37-44]. 

Therefore, it would have been obvious to a person of ordinary skill in the art at the time 
the invention was made to combine Tabuki with Ueshima and Yu, since one would have 
been motivated to alleviate the burden on the application server [Tabuki, col. 2 lines 14- 
15]. 

Tabuki teaches forwarding the request to the authentication/verification server [Fig. 1,
2]. Tabuki doesn't expressly mention an authentication gateway authority.
However, Le teaches submitting the identity verification request message to an
authentication gateway authority and forwarding the identity verification request
message from the gateway authority to the authentication authority [Fig. 1, 3, paragraph
0035, paragraph 0040].

Therefore, it would have been obvious to a person of ordinary skill in the art at the time 
the invention was made to combine Le with Ueshima, Yu and Tabuki, since one would 
have been motivated to provide improved user authentication/verification system [Yu, 
col. 3 lines 14-15]. 

As per claim 24, the rejection of claim 21 is incorporated and Le teaches:
the gateway authority (i.e. proxy) and the authentication authority to be separated and 
placed in the Internet accessible environment to achieve a scalable and distributable 
solution [Fig. 1]. 

As per claim 25, the rejection of claim 21 is incorporated and Yu teaches:
the authentication authority and the authentication client device contain means to 
generate one-time and non-predictable identity codes independently for user identity 
authentication or verification [Fig. 1, 2, col. 8 lines 32-35]. 

As per claim 26, the rejection of claim 21 is incorporated and Ueshima teaches:
user public identity, authentication client device identity, and user private identity [Fig. 1,
col. 15 line 10, col. 10 lines 12-13]. 
Yu teaches: 

the synchronization is conducted by executing a set of math function comprising hash, 
power and modular math operators with the input of information [Fig. 2, 3, 6, col. 10 
lines 7-18, col. 8 lines 49-51]. 

As per claim 27, the rejection of claim 21 is incorporated and Yu teaches:
the authentication authority and the authentication client device contain means to 
generate confirmation codes to verify the success of the synchronization [col. 5 lines 14- 
37, col. 8 lines 49-57]. 

As per claim 29, the rejection of claim 21 is incorporated and Ueshima teaches:
the authentication client device comprising the use of portable, hand-held devices [col. 4
lines 1-4].

As per claim 30, the rejection of claim 21 is incorporated and Tabuki teaches:
the method can be used as an ID verification method for any business entity to verify
the user identity over a channel selected from the group consisting of the Internet,
phone and other communication means [col. 4 lines 44-47].

As per claim 31, it is a system claim corresponding to method claim 21 and is rejected for
the same reason set forth in the rejection of claim 21 above.

As per claim 33, the rejection of claim 31 is incorporated and further claim 33 is a
system claim corresponding to method claim 24 and is rejected for the same reason set
forth in the rejection of claim 24 above.

As per claim 34, the rejection of claim 31 is incorporated and further claim 34 is a
system claim corresponding to method claim 25 and is rejected for the same reason set
forth in the rejection of claim 25 above.

As per claim 35, the rejection of claim 31 is incorporated and further claim 35 is a
system claim corresponding to method claim 26 and is rejected for the same reason set
forth in the rejection of claim 26 above.

As per claim 36, the rejection of claim 31 is incorporated and further claim 36 is a
system claim corresponding to method claim 27 and is rejected for the same reason set
forth in the rejection of claim 27 above.

As per claim 37, the rejection of claim 31 is incorporated and further claim 37 is a
system claim corresponding to method claim 29 and is rejected for the same reason set
forth in the rejection of claim 29 above.

As per claim 39, the rejection of claim 31 is incorporated and further claim 39 is a
system claim corresponding to method claim 30 and is rejected for the same reason set
forth in the rejection of claim 30 above.

5. Claims 22, 23, 32 and 38 are rejected under 35 USC 103 (a) for being 
unpatentable over Ueshima (US Patent No. 6,731,731) in view of Yu et al (US Patent 
No. 6,067,621) in view of Tabuki (US Patent No. 5,841,970) and in view of Le et al (US 
Pub. No. 2003/0105962) and further in view of Brown et al (US Pub No. 2002/0169988). 

As per claim 22, the rejection of claim 21 is incorporated and Brown teaches:
establishing and publishing the authentication authority Web services to Web service
industry's registries by the authentication authority [paragraph 0025, Fig. 1 "Service
providers 11 host a network accessible software module. A service provider defines a
service description for a Web service and publishes it to a service registry 13"].

Therefore, it would have been obvious to a person of ordinary skill in the art at the time
the invention was made to combine Brown with Ueshima, Yu, Tabuki and Le, since one
would have been motivated to use Web services because Web services offer the dual
promise of simplicity and pervasiveness. Web services are based on the Extensible
Markup Language (XML) standard data format and data exchange mechanisms, which
provide both flexibility and platform independence [Brown, page 1 paragraph 0002,
0006].

As per claim 23, the rejection of claim 22 is incorporated and further Brown teaches:
using Web Services Description Language (WSDL) to publish said authentication 
authority Web services, and use Universal Description, Discovery and Integration 
(UDDI) standard to discover said authentication authority Web services published by 
other authorities [page 3 paragraph 0032, 0034 "The logical interface and the service 
implementation are described by the Web Services Description Language (WSDL). 
WSDL is an XML vocabulary used to automate the details involved in communicating 
between Web services applications, Referring back to FIG. 1, the service can be 
publicized by being registered in a standard-format web registry 13. This registry 
makes it possible for other people or applications to find and use the service. For 
example, one can publish descriptive information, such as taxonomy, ownership, 
business name, business type and so on, via a registry that adheres to the Uniform 
Description, Discovery and Integration (UDDI) specification or into some other XML 
registry"]. 

As per claim 32, the rejection of claim 31 is incorporated and further claim 32 is a
system claim corresponding to method claim 22 and is rejected for the same reason set
forth in the rejection of claim 22 above.

As per claim 38, the rejection of claim 31 is incorporated and Brown teaches:
the gateway authority, authentication authority means, said authentication handler
means, and the authentication client means are arranged to use Simple Object Access 
Protocol (SOAP) to communicate, and use Hypertext Transport Protocol (HTTP) 
packets to transmit data over Secure Socket Layer (SSL) [page 3 paragraph 0043 "The 
SOAP security extension included with WebSphere Application Server 4.0 is intended to 
be a security architecture based on the SOAP Security specification, and on widely- 
accepted security technologies such as secure socket layer (SSL). When using HTTP 
as the transport mechanism, there are different ways to combine HTTP basic 
authentication, SSL, and SOAP signatures to handle varying needs of security and 
authentication"]. 

6. Claim 28 is rejected under 35 USC 103 (a) for being unpatentable over Ueshima 
(US Patent No. 6,731,731) in view of Yu et al (US Patent No. 6,067,621) in view of 
Tabuki (US Patent No. 5,841,970) and in view of Le et al (US Pub. No. 2003/0105962) 
and Ha et al (US Pub. 2003/0152254). 

As per claim 28, the rejection of claim 26 is incorporated and Ha teaches:
the user private identity comprises the user's biometric identity and other shared secret
information [Fig. 2A, 2C, paragraph 0030, 0015].

Therefore, it would have been obvious to a person of ordinary skill in the art at the time
the invention was made to combine Ha with Ueshima, Yu, Tabuki and Le, since one 
would have been motivated to provide improved user authentication/verification system. 



7. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Nirav Patel whose telephone number is 571-272-5936. 
The examiner can normally be reached on 8 am - 4:30 pm (M-F). 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kim Vu can be reached on 571-272-3859. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-10.00. 